Monday, September 29, 2003

What is a one-way function, intuitively a function that is
easy to compute and hard to invert? Taking this intuitive idea to a
formal definition has yield two quite different meanings, sometimes
causing confusion.

The first directly tries to translate the intuition. A function f is
one-way if

f is 1-1 (so an inverse is unique),

f is length increasing (so the output of the inverse function is
not too large),

f is computable in polynomial time, and

there is no polynomial-time computable g such that for all x,
g(f(x))=x.

This is a nice clean definition that fulfills the intuition but is not
that useful for cryptography, since f could be easily invertible on
all but a small number of inputs, or with stronger adversaries. To
handle these issues we have a different looking definition.

A function f is r(n)-secure one-way if

There is a function l(n)≥n such that f maps strings of length
n to strings of length l(n),

f is computable in polynomial time, and

for all probabilistic polynomial-time algorithms A, the
probability that f(A(f(x)))=f(x) is at most r(n) where the probability
is taken over x chosen uniformly from the strings of length n and the
random coins used by A.

There are many variations on both definitions and a considerable
amount of theory devoted to each. Grollmann and Selman
show
that one-way functions of the first kind exist if
and only if P ≠ UP. On the
other hand Håstad, Impagliazzo, Levin and Luby show that from any
one-way function of the second kind, one can create a pseudorandom
generator.

At one point I tried using complexity-theoretic one-way functions and
cryptographic one-way functions to distinguish the two, but this only
caused confusion. So we have to live with the fact that we have these
two definitions with the same name and we'll have to just use context
to figure out which definition is appropriate. If you give a talk or
write a paper about one-way functions, it never hurts to distinguish
which version you are talking about.

Friday, September 26, 2003

UCLA Professor Andrew Kahng gave this wonderful speech to the incoming computer science graduate students. While designed for UCLA, with minor changes it applies to every research institution. Every graduate student or anyone interested in graduate school should read it.

Michael Nielsen, coauthor of my favorite book on quantum computing, has his own weblog. Worth checking out.

Thursday, September 25, 2003

We just got email that Proof, a movie adapted from the play, will be filmed in and around the University of Chicago campus over the next few weeks. I saw the play a couple of years ago in New York, a powerful story about an aging mathematician and his daughter. Given the cast, director and source material I would expect great things from the film version as well, and it certainly should best out the last movie I remember them filming here.

Wednesday, September 24, 2003

Christos Papadimitriou has been exercising his creative talents. He has a new book Turing (A Novel about Computation) building a love story around some of Turing's lectures. He is now working on Logicomix, computer science in comic book form. I can imagine it now, our hero NP-Man and his trusty sidekick P-Girl battle the evil Execution Time.

Monday, September 22, 2003

There has been some buzz about the paper Resource Bounded Unprovability
of Computational Lower Bounds by Tatsuaki Okamoto and Ryo
Kashima. They claim to show that no polynomial-time machine can
produce a proof of a super-polynomial-time lower bound for NP and as a
consequence there is no proof that P≠NP in any reasonable proof
system such as Peano Arithmetic. The first part I don't really
understand but the latter would be a major breakthrough.

But don't get too excited. I have heard from multiple sources that
Razborov has found serious problems in their paper, in particular
that Theorem 22 is just false. So as one complexity theorist put it,
"This is probably not the most important paper on your stack."

Friday, September 12, 2003

In a conversation I had last week, a professor planned to use slides
from lecture notes he found on the web in his own slides. He planned
to give attribution to the original producers of the slides but did he
need to contact them beforehand for permission. Technically yes,
material put on the web is copyrighted by default. But if he sent them
email most responses would be of the form, "Please don't waste my
time!"

To deal with this issue, Creative Commons has a nice
service giving an easy way to release some rights for online
material. So I've added a link on the left column of the web log that
basically allows you to modify and distribute the material in this
weblog for noncommercial use with attribution. No need to ask me, not
that anyone has.

On another note, I'm on vacation next week and off the
internet. Back after that.

Thursday, September 11, 2003

(1) Exhibit an NP-complete language L, such that for all lengths
n≥1, L contains exactly half (2n-1) of the strings of
length n.

This question was posed by Ryan O'Donnell and solved by Boaz
Barak. Here is a proof sketch.

By using standard padding and encoding tools, (1) is equivalent to

(2) There is an NP-complete language L and a polynomial-time
computable function f such that for every n, there are exactly f(n)
strings in L of length n.

First we show how to achieve (2) if we replace "strings"
with "total witnesses." Consider pair of formulas φ and
¬φ. The total number of satisfying assignments between them
total 2n if the have n variables. We just create an
encoding that puts φ and ¬φ at the same length. The total
number of witnesses at that length is equal to 2n times the
number of formula pairs encoded at that length.

We now prove (2) by creating a language L that encodes
the following at the same length for each φ

φ, where φ is satisfiable.

(φ,w) where w is a satisfying assignment for φ and there is
another satisfying assignment u<w for φ.

You can check that the language is NP-complete and the total number of
strings in L for each φ is just the number of satisfying
assignments of φ.

Monday, September 08, 2003

I have received some requests for the call for papers for STOC 2004 which will be held in Chicago. Maybe it is because I gave the presentation for STOC 2004 at the 2003 business meeting, or because if you google 'STOC 2004' this weblog comes up in the list, or just because I'm in Chicago now, but I am not officially connected to STOC 2004.

Thursday, September 04, 2003

The Institute will be quite a complexity powerhouse this year. In addition to IAS fixtures Wigderson and Razborov, visiting are Russell Impagliazzo, Manindra Agrawal (with his students Kayal and Saxena at Princeton) and postdocs Boaz Barak, Subhash Khot, Ryan O'Donnell and Nate Segerland. These are just the ones I met yesterday during a short visit several weeks before their semester officially begins. We'll expect great things from them.

Here is a question we thought about yesterday, posed by Ryan O'Donnell and ultimately settled by Boaz Barak:

Exhibit an NP-complete language L, such that for all lengths n≥1, L contains exactly half (2n-1) of the strings of length n.

Tuesday, September 02, 2003

A colleague of mine, who shall remain nameless, likes to schedule time
for research, a certain set block of time during the day where he puts
off all his todo's and concentrates on science. Sounds good but often
his chair will stop by for some discussion or an impromptu meeting. The
colleague will say, "Sorry, but I reserved this time for
research&quot, but that argument didn't fly, the chair said he could
do research anytime. One day he said instead,
"Sorry I have a squash game" and the chair replied that they
would talk at a future time. Welcome to the academic world, where
research gets trumped by a meeting that itself can be trumped by a
squash game.

Is scheduling time for research a good idea? It depends on your
personality and your research style. If you find yourself with no
time to think about an interesting problem because too much else is
happening then yes, best to schedule a few hours where you promise
yourself you will do nothing else but research during those
times. This means more than not preparing for class but also ignoring
your computer. Checking email and surfing the web are themselves great
time sinks.

In my case, I find it difficult to just start thinking about research
at a given time. So I use the rule that research trumps all and when
inspiration hits me, or someone comes to my office with a research
question, I drop everything I can to work on the problem. Okay, I
can't skip a class for research but email, weblog posts, referee
reports, etc., should never stand in the way of science.